QBot partners with Egregor ransomware in bot-fueled attacks (Security News, November 2020)

The Qbot banking trojan has dropped the ProLock ransomware in favor of the Egregor ransomware, which burst into activity in September.
Since its launch in September 2020, Egregor has been one of the most active big-game-hunting ransomware operations.
After the notorious Maze ransomware gang began shutting down their operation in September, many of their affiliates moved to the new Egregor operation.
While the ransomware has changed, Skulkin states that the tactics, techniques, and procedures currently used by Egregor are similar to the previous attacks with ProLock.
"The use of CobaltStrike and QakBot are to watch when hunting for Egregor. More threat hunting and detection tips from Group-IB DFIR team as well as a detailed technical analysis of Egregor operations are available in Group-IB's blog," Skulkin offers as advice when defending against Egregor.